Description
An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability.
Published: 2026-05-15
Score: 1.8 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds read in AMD Instinct remote‑management firmware can allow a privileged attacker to read a restricted section of memory beyond established bounds, potentially exposing sensitive data and disrupting normal firmware operation.

Affected Systems

AMD Instinct MI300A, MI300X, MI308X, and MI325X graphics processors are affected by this vulnerability.

Risk and Exploitability

The CVSS score of 1.8 indicates a low severity issue, EPSS is not available, and the vulnerability is not listed in CISA KEV. The likely attack vector requires a privileged attacker with access to the device’s remote‑management interface; it is inferred that no public exploits have been reported. Mitigation should focus on ensuring the firmware is up‑to‑date and limiting privileged access to the management interface.

Generated by OpenCVE AI on May 15, 2026 at 05:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest AMD Instinct firmware release and any available patch.
  • Restrict remote‑management access to authorized personnel only, using strong authentication and role-based permissions.
  • Monitor system logs for anomalous memory‑access activity and maintain up‑to‑date backups of the firmware and BIOS.
  • Consider disabling remote‑management features if they are not required for normal operation.

Generated by OpenCVE AI on May 15, 2026 at 05:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 15 May 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Amd
Amd instinct Mi300a
Amd instinct Mi300x
Amd instinct Mi308x
Amd instinct Mi325x
Vendors & Products Amd
Amd instinct Mi300a
Amd instinct Mi300x
Amd instinct Mi308x
Amd instinct Mi325x

Fri, 15 May 2026 06:00:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Read in AMD Instinct Remote Management Firmware

Fri, 15 May 2026 04:30:00 +0000

Type Values Removed Values Added
Description An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability.
Weaknesses CWE-125
References
Metrics cvssV4_0

{'score': 1.8, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Amd Instinct Mi300a Instinct Mi300x Instinct Mi308x Instinct Mi325x
cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-15T11:12:35.216Z

Reserved: 2024-01-03T16:43:21.323Z

Link: CVE-2024-21950

cve-icon Vulnrichment

Updated: 2026-05-15T11:12:29.653Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-15T05:16:32.340

Modified: 2026-05-15T14:10:17.083

Link: CVE-2024-21950

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T11:15:25Z

Weaknesses